pseudomanuscrypt | c328b0f3913a4eaa09445cd341c18e03f4aa4dc83479c46678241c8e5c884b29 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

c328b0f3913a4eaa09445cd341c18e03f4aa4dc83479c46678241c8e5c884b29
Size

880KB
Sample

230322-kjge3ahg4v
MD5

9e14dec995887863a704ab32453fa5f6
SHA1

b3552d0e99bde52f2a1041040d741919397b2c35
SHA256

c328b0f3913a4eaa09445cd341c18e03f4aa4dc83479c46678241c8e5c884b29
SHA512

9b96074fabd0bae4a87e258f2f1427e73f7b8cecf14d9ea216862c1b80c3d3f90afc2c46ca50b69ac4e18d08af15756787737020cdd24c6e7619e26d35b99fbc
SSDEEP

6144:LQuiA1RTz/cYja2ieb5YbF5R+Jn8xH97r7Fh1d43wUmDm:nz/9ja2ieFYp5R+I7zY

Score

10^/10

pseudomanuscrypt loader

Static task

static1

Behavioral task

behavioral1

Sample

c328b0f3913a4eaa09445cd341c18e03f4aa4dc83479c46678241c8e5c884b29.exe

Resource

win10-20230220-en

pseudomanuscrypt loader

windows10-1703-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  c328b0f3913a4eaa09445cd341c18e03f4aa4dc83479c46678241c8e5c884b29
- Size
  
  880KB
- MD5
  
  9e14dec995887863a704ab32453fa5f6
- SHA1
  
  b3552d0e99bde52f2a1041040d741919397b2c35
- SHA256
  
  c328b0f3913a4eaa09445cd341c18e03f4aa4dc83479c46678241c8e5c884b29
- SHA512
  
  9b96074fabd0bae4a87e258f2f1427e73f7b8cecf14d9ea216862c1b80c3d3f90afc2c46ca50b69ac4e18d08af15756787737020cdd24c6e7619e26d35b99fbc
- SSDEEP
  
  6144:LQuiA1RTz/cYja2ieb5YbF5R+Jn8xH97r7Fh1d43wUmDm:nz/9ja2ieFYp5R+I7zY
Score

10^/10

pseudomanuscrypt loader
- Detects PseudoManuscrypt payload
  loader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- PseudoManuscrypt
  PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.
  loader pseudomanuscrypt
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

pseudomanuscryptloader

© 2018-2024

Terms | Privacy